CVE-2025-15220

4.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into SohuTV CacheCloud's login controller, enabling cross-site scripting (XSS) attacks. Remote attackers can execute arbitrary JavaScript in users' browsers when they visit the vulnerable login page. All users of SohuTV CacheCloud up to version 3.2.0 are affected.

💻 Affected Systems

Products:
  • SohuTV CacheCloud
Versions: Up to and including 3.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of the login controller component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal user session cookies, credentials, or perform actions on behalf of authenticated users, potentially leading to account takeover and data theft.

🟠 Likely Case

Attackers inject malicious scripts to steal session tokens or redirect users to phishing sites, compromising individual user accounts.

🟢 If Mitigated

With proper input validation and output encoding, the attack would fail to execute malicious scripts, limiting impact to attempted exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit is publicly available and requires no authentication, making it easy for attackers to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Monitor the official SohuTV CacheCloud repository for security updates.
2. Apply any available patches for versions above 3.2.0.
3. Restart the CacheCloud service after patching.

🔧 Temporary Workarounds

Implement Input Validation and Output Encoding

Applies to: all

Add server-side validation to sanitize user input in the login controller and implement proper output encoding for all user-controlled data.

Modify src/main/java/com/sohu/cache/web/controller/LoginController.java to add input sanitization and output encoding.

Deploy Web Application Firewall (WAF)

Applies to: all

Configure WAF rules to detect and block XSS payloads targeting the login endpoint.

Configure WAF with XSS detection rules for /login endpoints.

🧯 If You Can't Patch

  • Isolate the CacheCloud instance behind a reverse proxy with strict input filtering
  • Implement Content Security Policy (CSP) headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Test the login endpoint with XSS payloads like <script>alert('XSS')</script> and check if scripts execute in response.

Check Version:

Check the CacheCloud version in application configuration or via admin interface

Verify Fix Applied:

After applying fixes, retest with XSS payloads to confirm scripts no longer execute and input is properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /login with script tags or JavaScript code in parameters
  • Multiple failed login attempts with suspicious payloads

Network Indicators:

  • HTTP requests containing <script>, javascript:, or other XSS patterns in login parameters

SIEM Query:

source="cachecloud" AND (uri_path="/login" AND (request_body LIKE "%<script>%" OR request_body LIKE "%javascript:%"))
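As an added example (not from this advisory or the CacheCloud project), the SIEM query's logic run over constructed log lines in Python. The field names source, uri_path and request_body are assumed to match the query, and the scan URL-decodes the body before matching, which the plain LIKE query above does not do.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not real CacheCloud logs); one JSON record per line.
SAMPLE_LOGS = """
{"source": "cachecloud", "method": "POST", "uri_path": "/login", "request_body": "username=admin&password=secret"}
{"source": "cachecloud", "method": "POST", "uri_path": "/login", "request_body": "username=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&password=x"}
{"source": "cachecloud", "method": "POST", "uri_path": "/login", "request_body": "username=%3CsCrIpT%3Ealert(1)%3C/ScRiPt%3E&password=x"}
{"source": "cachecloud", "method": "GET", "uri_path": "/login", "request_body": "redirect=javascript:alert(1)"}
{"source": "cachecloud", "method": "POST", "uri_path": "/admin", "request_body": "name=%3Cscript%3E"}
{"source": "nginx", "method": "POST", "uri_path": "/login", "request_body": "<script>"}
""".strip()

# Case-insensitive patterns for the two indicators the advisory names.
XSS_PATTERN = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)


def is_suspicious(record: dict) -> bool:
    """True when a cachecloud request to /login carries an XSS-like payload."""
    if record.get("source") != "cachecloud" or record.get("uri_path") != "/login":
        return False
    # Decode percent-encoding so %3Cscript%3E is caught as well as a literal <script>.
    body = unquote_plus(record.get("request_body", ""))
    return XSS_PATTERN.search(body) is not None


def scan_logs(text: str) -> list[dict]:
    """Parse newline-delimited JSON records and return the ones that match."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if is_suspicious(record):
            hits.append(record)
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit["method"], hit["uri_path"], unquote_plus(hit["request_body"]))
```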
